Protect Your Files Before They are Deleted by Hitler Ransomware!

Crooks have bared no efforts to masquerade with users’ personal data. This time they have masked themselves in the Nazi dictator- Hitler’s coherence. Recently, attacks of Hitler Ransomware were noted, which dispatch a bundle of files to users’ system.

The malicious program, once installed on the user’s system, claims to encrypt all files, demands ransom (payable within an hour) and gives a warning to innocent users’. This waring states- failure of ransom payment would lead to deletion of all files. But there are some hidden characters of this Trojan. The Ransomware doesn’t really encrypt files, but in reality it removes the file extensions.

The Trojan’s Infection

It is transmitted via spam emails with fake PDF or Microsoft Word attachments. Although, these attachments don’t open when launched. Researches on it shows that, it is actually a Windows installer converted from a batch file. Once it is successfully installed, it silently drops three files- (“ErOne.vbs” [prompts a fake error message stating that the file is not found]; “chrst.exe” [displays a lock screen], and; “firefox32.exe” [deletes files]), to the user’s “%Temp%” folder. Amongst these three files, “firefox32.exe” file is also copied to the “Common Startup” folder, which runs when user reboot the system.

Hitler Ransomware, after locking the system of a user, demands ransom. It demands 25 Euro, which is payable via a Vodafone cash card. This time, the criminals haven’t really kept this ransom payment very high (which is generally .5 to 1.5 Bitcoin) as well as the mode of payment is easier to trace.

Image Source: google.com

On the lock screen of the system, the malware also shows a timer. It gives one hour’s time to a user for the payment of ransom. Failing to do so results in deletion of all files. Once the time is over, the Trojan reboots the system and deletes all files saved within the “%UserProfile%” folder.

What’s Different about this Ransomware

There are a certain facets of Hitler Ransomware that makes it little different from the others of its types.

It seems to be an underdeveloped Ransomware: Researches clarifies that the batch file of this malicious program contains a message in German. It states that this is a test. Further, it clears out that the Ransomware is not fully developed one and the criminals have just put up a trial and error ransomware. It can also be assumed that the developers of the cyberware may come up with a variant of the same malware, which might be stronger and hard to break.

This demands little money: This is an unusual facet about Hitler Ransomware. Unlike other, it burdens innocent users with little ransom only. It is just 25 Euro. Up until now, similar malware programs have demanded 0.5 to 1.5 Bitcoin. Currently, 1 Bitcoin is equivalent to 528 Euro (round figure).

It deletes files altogether: We have seen ransomware locking out the user from system access, encrypted files and also changing the file extensions. But this ransomware deletes files altogether. It deletes files from user profile folder. Below are mentioned the file types it bulls.

%userprofile%\Contacts

%userprofile%\Desktop

%userprofile%\Documents

%userprofile%\Downloads

%userprofile%\Links

%userprofile%\Music

%userprofile%\Pictures

%userprofile%\Videos

C:\Users\Public\Music\Sample Music

C:\Users\Public\Pictures\Sample Pictures

C:\Users\Public\Videos\Sample Videos

Protection Against Hitler Ransomware

Instead of falling prey to ransomware and paying ransom, you should protect your files beforehand. Ensure that all your files are safe and secure by using Right Backup app. Right Backup is an app which helps you safeguard your files on cloud storage. Cloud storage is one of the and safest way to keep all data protected. And Right Backup does it appositely. It is a simple to use app with amazing features of data restoration and automatic backup. The app allows-

Access from anywhere, at any time

Quick data restoration

Schedule of backup for automatic backup plans

Backup of all major file formats

Be smart and protect your files from the strongest of all malware, with Right Backup app. You can get the app from here.

Subscribe to latest updates and special offers

Subscribe Newsletter

Microsoft and Windows are trademarks of the Microsoft group of companies. Mac and OS X are trademarks of Apple Inc., registered in the U.S. and other countries. All other trademarks are the property of their respective owners. Cleverbridge AG is an authorized reseller of Systweak products.

Subscribe to our newsletter and get the latest buzz in your email!

The Systweak Newsletter is sent several times a month and includes the latest and greatest offers. You will receive the latest tech news in your Inbox when you subscribe and verify your email address. What's more, you will also receive the best discounts, deals and discount coupons before anyone else! So get going, subscribe now!